Besides the GOS-Admin Interface there is the possibility to use the command line interface of the GSM. Some settings like a Syslog server are currently only accessible via this interface. This chapter shows how to perform these changes.
The CLI can be accessed via serial console or SSH. However, SSH access may be deactivated and then has to be enabled via the CLI or the GOS-Admin-Menu through the serial console (see section SSH Access).
Access via SSH from UNIX/Linux can be done directly via command line:
$ ssh admin@<gsm>
Replace gsm with the IP address or DNS name of the GSM appliance. To verify the host key, its checksum can be displayed via the serial port beforehand. To do this in the GOS-Admin-Menu, change into the submenu Remote and select SSH Fingerprint.
While the GOS-Admin-Menu offers a simple menu controlled access for the configuration of the GSM appliance, the command line allows for a much more powerful access to the system. However, in the Command-Line-Interface (CLI) you have to enter the commands in the command line.
Access to the command line via serial port is described in the respective section of the setup guide. Login is performed with user admin (see section Log in as admin). The factory default password is admin. Alternatively SSH can be used to log in (see section SSH Access).
To avoid typos the Tab key can be utilized. It automatically completes entered commands.
Try it: Enter gos on the GSM command line and press the Tab key.
The characters change automatically to
All changes in the settings that are being performed in the CLI are not activated immediately. As soon as a setting is changed in the CLI the prompt changes and indicates that there is an unsaved change. An asterisk at the prompt indicates a change that is not activated yet.
rollback allows the decision between accepting or reverting of a change.
In addition the get command shows if a variable is currently set. This is indicated with an s at the beginning of the line. u indicates that the variable currently is not set.
Clearing of a variable is possible with the command
Variables can be configured with
Like the GOS-Admin-Menu the CLI offers the possibility to change the password of the administrator and to create a web administrator (scan administrator respectively). It features many additional powerful commands.
passwd changes the password of the CLI administrator.
This is the password required when logging in via serial console or via SSH.
To change the password enter the command
gsm: passwd
Changing password for admin.
(current) UNIX password: old-password
Enter new UNIX password: new-password
Retype new UNIX password: new-password
passwd: password updated successfully
To create a web administrator via the CLI use the command
This command expects the user name and password of the creating Administrator.
gsm: addadmin webadmin:kennwort
Creating user with temporary password.
User created with password 'b759489e-c0ba-40eb-90c1-c165b641700c'.
Setting password to desired value.
User was successfully created.
On the GSM command line the command shell starts a UNIX command line as unprivileged user admin. Any UNIX command can be executed.
This superuser is not identical to, and is independent of, the Super Admin that can be created for the web interface (see section Super Admin).
To obtain root rights (superuser) on the GSM appliance the command su needs to be entered. In the factory default settings this is only possible when connected locally via serial console. When logging in via SSH access to root is blocked. For day-to-day operation the admin user should be enough. The enabling of root access should only be done by exception and by consulting with Greenbone support.
To enable login as root the variable superuser must be set.
gsm: get superuser
s superuser disabled
gsm: set superuser enabled
gsm *: commit
gsm: get superuser
s superuser enabled
After this change a reboot of the GSM appliance is required!
When enabling superuser access a secure password for the root user should be set, too. The superuserpassword variable can be used to set the root password. By default the password is disabled.
gsm: get superuserpassword
s superuserpassword disabled
gsm: set superuserpassword kennwort
gsm *: commit
gsm:
The GSM appliance basically can use two types of certificates:
The use of self-signed certificates is the easiest way. It offers, however, the lowest security and means more work for the user:
The use of a certificate issued by a certificate authority has several advantages:
All modern operating systems support the creation and management of their own certificate authority. Under Microsoft Windows Server the Active Directory Certificate Services support the administrator in the creation of a root CA. For Linux systems various options are available. One option is described in the IPSec-Howto.
Before creating or exchanging a certificate the admin needs to verify how the systems will be accessed later. The IP address or the DNS name respectively is stored when creating the certificate. Additionally after creating the certificate a reboot is required so that all services can use the new certificate. This needs to be taken into consideration when changing certificates.
To support a quick setup the GSM supports self-signed certificates. However, by factory default of many variants such a certificate is not pre-installed and must be created by the administrator. The GSM ONE, however, already comes with a pre-installed certificate. Please refer to section Self-signed certificate.
Self-signed certificates can be easily created in the command line.
Alternatively the admin can create a self-signed certificate via the GOS-Admin-Menu (SSL-Self-Signed).
Before creating the certificate the admin needs to verify how the GSM is accessed later. The actual IP address and FQDN also depend on the setting of the ifadm (see section Management Adapter).
Is it accessed via IP address (https://192.168.15.5) or a DNS name (https://gsm.example.com)?
The IP address or the DNS name respectively, must be entered when creating the certificate. It can only be changed at a later point by creating a new certificate.
After creating the certificate a reboot is required so all services can use the new certificate.
gsm: sslselfsign
Generating a 2048 bit RSA private key
.+++
................................................................................+++
unable to write 'random state'
writing new private key to 'selfcert.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [DE]: DE
State or Province Name (full name) [Niedersachsen]: Bundesland
Locality Name (eg, city) [Hildesheim]: Stadt
Organization Name (eg, company) [Greenbone Networks Customer]: Firma
Organizational Unit Name (eg, section) [Vulnerability Management Team]: Abteilung
IP-address of the GSM, or it's FQDN (HOSTNAME.DOMAINNAME) : 192.168.155.180
Email Address of the GSM Administrator : email@example.com
To read and display the certificate use the
This section covers the CLI commands for the management of the appliance. This includes reboot and shutdown, the setting up of the network configuration and the configuration of mail servers and logging servers.
To shut down the appliance enter the shutdown command in the CLI. Depending on the model in use it can happen that the appliance does not shut itself off automatically. However, as soon as the shutdown is performed the appliance can be powered off.
gsm: shutdown
Are you sure you want to shutdown the system? y/n? y
Possible running scan processes can be restarted after reboot.
To reboot the appliance enter the reboot command in the CLI.
gsm: reboot
Are you sure you want to reboot the system? y/n? y
A reboot or shutdown will be declined if essential administrative changes are running on the appliance such as an upgrade.
The network configuration in the CLI is performed via the setting of variables. A commit is always required afterwards.
The following parameters can be set.
The name of the appliance appears in the scan reports and in the Syslog messages on a central logging server. It makes sense to choose a descriptive name. The following characters can be used:
gsm: get hostname
s hostname gsm
gsm: set hostname gsm-frankfurt
gsm *: commit
gsm: get hostname
s hostname gsm-frankfurt
The domain name, like the hostname, appears in the scan reports and the Syslog messages on a central logging server. Furthermore the configured domain will be used automatically with emails as the sending domain. Additionally the domain name is appended as a suffix to hostnames that are not fully qualified.
The domain name can use the same characters as the hostname.
gsm: get domainname
s domainname greenbone.net
gsm: set domainname musterfirma.de
gsm *: commit
gsm: get domainname
s domainname musterfirma.de
The GSM appliance supports up to three DNS servers. At least one DNS server is required. Additional servers will only be used at an outage of the first server.
Three variables are available:
To delete a DNS server use the
gsm: get dns2
s dns2 220.127.116.11
gsm: unset dns2
gsm *: commit
gsm: get dns2
u dns2
The GSM appliances come with up to 24 network adapters. Each of these adapters can be configured with an IPv4 and an IPv6 address. When using IPv4 addresses the keyword dhcp can be entered. An IP address will be assigned via DHCP. The variables are.
For X any number between 0 and 23 can be entered. This depends on the hardware in use.
gsm: get address_eth0_ipv4
s address_eth0_ipv4 dhcp
gsm: set address_eth0_ipv4 192.168.155.108/24
gsm *: commit
gsm: get address_eth0_ipv6
u address_eth0_ipv6
gsm: set address_eth0_ipv6 2001:db8:0:1::1/64
gsm *: commit
gsm:
After configuring the IP addresses a reboot is required so that the addresses are in actual use.
To delete an IP address use the command
Deleting an IPv4 address only deactivates this address. The IPv6 address is still reachable. Basically the IPv6 link-local address is always active on every network adapter as well.
If IPv6 should be disabled the ipv6support variable is used. It deactivates IPv6 support for the entire appliance. The link-local addresses will be disabled as well.
To configure the default gateway use the variable
When using DHCP to assign IP addresses the default route will also be set via DHCP unless a router is set explicitly with the variable default_route_ipv4.
gsm: get default_route_ipv4
u default_route_ipv4
gsm: set default_route_ipv4 192.168.155.1
gsm *: commit
gsm:
Only the IPv4 default gateway can be configured via the CLI. Complex routing settings must be done via the expert network configuration (see section Expert Network Configuration).
To synchronize the appliance with central time servers the GSM appliance supports the NTP protocol. Two NTP servers that the appliance will use for time synchronization can be configured. The appliance will choose the most suitable server. During an outage of a server the other server will be used automatically.
ntp_server2 are available.
Both variables require an IP address as an entry.
The entry of a DNS name is not allowed.
gsm: set ntp_server1 18.104.22.168
gsm *: commit
To test the use and functionality of the protocol use the
gsm: ntpq
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ptbtime1.ptb.de .PTB.            1 u  245 1024  377   14.131   -0.432   0.495
+ptbtime2.ptb.de .PTB.            1 u 1012 1024  377   13.544    0.015   0.354
 LOCAL(0)        .LOCL.          10 l  53h   64    0    0.000    0.000   0.000
You can determine the configured NTP server, polling, reachability, time delay, offset and jitter. The asterisk (*) in the first column indicates which server the appliance currently synchronizes with.
If you want to send reports after completion of a scan automatically via email the appliance needs to be configured with a mail server. The appliance itself does not come with a mail server.
Confirm that the mail server accepts emails sent from the appliance. The appliance does not store emails in case of delivery failure. A second delivery attempt at a later time will not be made. On the mail server possible spam protection such as grey listing must be deactivated for the appliance. Authentication using a username and password is also not supported by the appliance. The authentication must be done IP based!
To configure the mail server use the
gsm: get mailhub
s mailhub mail.greenbone.net
gsm: set mailhub mx.musterfirma.de
gsm *: commit
The GSM appliance allows for the configuration of a central logging server for the collection of the logs. The GSM appliance uses the Syslog protocol. Central collection of the logs allows for central analysis, management and monitoring of logs. Additionally the logs are also stored locally.
Two logging servers can be configured. Both will be used. As transport layer both UDP (default) and TCP can be used. TCP ensures delivery of the logs even when packet loss occurs. If packet loss occurs during a transmission via UDP the log messages will be lost.
Two variables can be configured:
The format is as follows:
gsm: set syslog_server1 tcp://192.168.0.5:2000
gsm *: commit
If no port is specified the default port 514 will be used. If the protocol is not specified UDP will be used.
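The s and u markers of get, the superuser variables and the syslog defaults described above can be checked together on a captured CLI session. The following is an added example, not part of the Greenbone documentation; the function names and both sample sessions are constructed, and it assumes that every variable whose name starts with syslog_server is a logging target and that the host part is an IPv4 address or DNS name.

```sh
#!/bin/sh
# Added example (not Greenbone code): review captured "get" output.

# Expand a syslog server value to proto://host:port using the defaults
# stated above: UDP if no protocol is given, port 514 if no port is given.
# Assumption: host is an IPv4 address or DNS name (no IPv6 literal).
normalise_syslog() {
    v=$1
    case $v in
        tcp://*) proto=tcp; v=${v#tcp://} ;;
        udp://*) proto=udp; v=${v#udp://} ;;
        *)       proto=udp ;;
    esac
    case $v in
        *:*) host=${v%:*}; port=${v##*:} ;;
        *)   host=$v; port=514 ;;
    esac
    printf '%s://%s:%s\n' "$proto" "$host" "$port"
}

# Read a captured CLI session on stdin and print one finding per line.
# Only the answer lines of get are used: "s NAME VALUE" (set), "u NAME" (unset).
audit_get_output() {
    su=unset; supw=unset; nsyslog=0
    while read -r state name value; do
        case $state in
            s) ;;
            u) value=unset ;;
            *) continue ;;              # prompts, commit lines, other output
        esac
        case $name in
            superuser)         su=$value ;;
            superuserpassword) supw=$value ;;
            syslog_server*)
                if [ "$value" != unset ]; then
                    nsyslog=$((nsyslog + 1))
                    target=$(normalise_syslog "$value")
                    case $target in
                        udp://*) echo "$name: $target, messages are lost on packet loss (use tcp://)" ;;
                    esac
                fi ;;
        esac
    done
    if [ "$su" = enabled ]; then
        echo "superuser: root access is enabled"
        case $supw in
            disabled|unset) echo "superuserpassword: root access enabled without a root password" ;;
        esac
    fi
    [ "$nsyslog" -gt 0 ] || echo "syslog_server: no central logging server is set"
    return 0
}

# Constructed sample sessions (not taken from a real appliance).
sample_weak() {
    cat <<'EOF'
gsm: get superuser
s superuser enabled
gsm: get superuserpassword
s superuserpassword disabled
gsm: get syslog_server1
s syslog_server1 192.168.0.5
EOF
}
sample_ok() {
    cat <<'EOF'
gsm: get superuser
s superuser disabled
gsm: get syslog_server1
s syslog_server1 tcp://192.168.0.5:2000
EOF
}

echo "== weak session"; sample_weak | audit_get_output
echo "== ok session";   sample_ok | audit_get_output
```
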
The GSM appliance supports SNMP. The SNMP support can both be used for sending of traps through alerts (see section Alerts) as well as the monitoring of vital parameters of the appliance.
The supported parameters are specified in a Management Information Base (MIB) file. The current MIB is available from the Greenbone tech [doc] portal.
The GSM appliance supports SNMP version 3 for read access and SNMPv1 for traps.
The simplest way to configure SNMPv3 is via the GOS-Admin-Menu under section Remote and SNMP Configuration. There it is also explained that the GSM will transfer the SNMPv3 user password with SHA-1 and use AES as encryption.
Sending traps is configured in the GOS-Admin-Menu under Network and SNMP.
Alternatively the following variables allow for the configuration of the SNMP access:
For sending alerts as SNMP traps use the following parameters.
gsm: set snmp_trap enabled
gsm *: set snmp_trapcommunity public
gsm *: commit
gsm: get snmp_trapreceiver
s snmp_trapreceiver 192.168.0.1
To configure read access for SNMP via CLI, use the respective variables
Afterwards test read access of the SNMP service under Linux/Unix with
$ snmpwalk -v 3 -l authPriv -u user -a sha -A password -x aes -X key 192.168.155.180
iso .22.214.171.124.126.96.36.199 = STRING: "Greenbone Security Manager"
iso .188.8.131.52.184.108.40.206 = STRING: "gsm"
...
The following information may be gathered:
The GOS-Admin-Menu and the variables currently only allow for simple network configuration. The configuration of VLANs or multiple static routes is not possible.
To make respective changes in the configuration an expert mode exists. It requires the input of all settings via script. The creation, editing and activation of this script is covered in this section.
Once the expert mode is used IP addresses can no longer be changed via the GOS-Admin-Menu or variables!
To use the expert mode it must be activated first. Execute the following command in the CLI (see section Command line). Afterwards a reboot is required.
gsm: set netmode expert
gsm *: commit
gsm: reboot
Are you sure you want to reboot the system? y/n? y
To revert back to normal mode at a later date use the command set netmode default.
Note that you need to execute commit to enable the set netmode command.
After editing the file
reboot is required to commit the settings.
Currently the command set netmode expert puts the appliance in a state whereby the user has to enter the entire configuration manually.
To save them permanently the commands must be entered within the expertnet.sh file and the file made executable (see below).
To edit the file change into shell mode.
Enter the command
gsm: shell
ATTENTION: The shell command should only be used by expert users.
To leave the expert mode, type 'exit'.
admin@gsm:~$ ls -l expertnet.sh
-rwxr--r-- 1 admin admin 131 May 4 2012 expertnet.sh
admin@gsm:~$ _
Since you are in the Greenbone shell the files in the home directory can be displayed with the command ls. expertnet.sh is located here. The file can be customized with an editor. vi, vim or nano can be used for editing. If you are not familiar with the editor vi or vim please use nano as the editor. It displays help at the bottom of the window.
The keyboard combinations listed all are executed with the Control key:
Ctrl-O saves the file.
If the file has not been edited its content looks as follows:
# This script can be used to set custom network parameters like
# VLANS, source based routing and firewall restrictions on the GSM
Editing on a different system and copying the file afterwards with secure copy is not possible. The GSM does not support secure copying via SSH.
The first change in the file is to insert a first line so that the file looks as follows:
#!/bin/sh
# This script can be used to set custom network parameters like
# VLANS, source based routing and firewall restrictions on the GSM
The first line directs the Greenbone OS to interpret the file using the
Without this line the file will not be executed later.
In order for the file to be able to be executed the file rights need to be configured directly.
Enter the following command in the command line:
admin@gsm:~$ chmod 755 expertnet.sh
All network configurations require the command ip. The alternate commands ifconfig, route and vconfig should not be used. Their support can be limited in the future.
To avoid problems with the paths on the appliance the command ip should always be executed with the entire path:
Configuration of IP addresses can easily be achieved with the ip command. The configuration is done in three steps:
After activating the network adapter a delay of 10 seconds should be included to allow enough time for the network adapter to auto-negotiate. For consistency in the example this is also done for the loopback adapter.
/bin/ip link set lo up
sleep 10s
/bin/ip addr add 127.0.0.1/8 dev lo
/bin/ip link set eth0 up
sleep 10s
/bin/ip addr add 192.168.81.10/24 dev eth0
/bin/ip -f inet6 addr add 2607:f0d0:2001::10/114 dev eth0
The first three lines activate and configure the loopback interface. This network adapter should not be forgotten in the script. Without the loopback interface the GSM will not work.
The command ip can activate multiple IP addresses on the same network adapter. ip addr add adds further IP addresses. They do not replace the existing IP address. To delete an IP address ip addr del is required explicitly.
If switches are configured so that multiple VLANs with tags (VLAN IDs combined with an IEEE 802.1q trunk) are transferred to the GSM they have to be disassembled on the GSM respectively. Sub-interfaces need to be configured on the physical network adapter. These sub-interfaces are also created with the ip command.
/bin/ip link set eth1 up
sleep 10
/bin/ip link add link eth1 name eth1.91 type vlan id 91
/bin/ip link set eth1.91 up
/bin/ip addr add 192.168.81.26/24 dev eth1.91
The third command creates a sub-interface called eth1.91 on network adapter eth1. The name can be freely chosen. For example, names like MailDMZ can be used. type vlan instructs the command so that a tagged VLAN is disassembled respectively. id 91 selects the actual VLAN ID.
The additional lines activate the sub-interface and configure the IP address. Multiple IPv4 and IPv6 addresses can be configured as well.
In case a VLAN trunk is a native VLAN the physical network adapter can be configured with an IP address. If no native VLAN was configured an IP address for the physical network adapter is not required. However, remember to activate the physical network adapter if this is the case!
Most networks only have one gateway. This gateway often is referred to as default gateway. Sometimes historically grown networks use different routers for different destinations. If these routers do not communicate data through dynamic routing protocols client systems often require static routes for those destinations. The expert configuration allows for configuration of unlimited static routes.
When using expert configuration the default gateway also needs to be configured in the
If IPv4 and IPv6 are used, a separate default gateway needs to be configured for each protocol.
If auto-configuration is used with IPv6 the default gateway can be omitted.
To set a route also use the ip command with the
/bin/ip route add default via 192.168.81.1
/bin/ip -f inet6 route add default via 2607:f0d0:2001::1
default expands to 0.0.0.0/0 or ::/0 respectively.
To add additional routes the following syntax can be used:
/bin/ip route add 192.168.0.0/24 via 192.168.81.5
A route for network 192.168.0.0/24 is set using the router 192.168.81.5.
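A pre-reboot check for the rules this section gives for expertnet.sh (interpreter line, execute bit, ip called as /bin/ip, no ifconfig, route or vconfig, loopback configured, IPv4 default gateway present), as an added example that is not part of the Greenbone documentation. The function names and both sample files are constructed for illustration, and the check assumes that head, ls, cut and awk are available in the shell where it runs.

```sh
#!/bin/sh
# Added example (not Greenbone code): lint an expertnet.sh against the rules
# of this section before the reboot that activates it.

# Print one finding per line for FILE; print nothing if all checks pass.
expertnet_findings() {
    f=$1
    # Line 1 must name the interpreter, otherwise the file is not executed.
    [ "$(head -n 1 "$f")" = '#!/bin/sh' ] || echo "line 1 is not #!/bin/sh"
    # Owner execute bit as shown by ls -l (set by chmod 755).
    case $(ls -ld "$f" | cut -c4) in
        x|s) ;;
        *) echo "file is not executable, run chmod 755" ;;
    esac
    awk '
        { sub("#.*", "") }             # drop comments and the interpreter line
        NF == 0 { next }
        {
            $1 = $1                    # collapse runs of blanks
            v6 = ($2 == "-6" || ($2 == "-f" && $3 == "inet6"))
        }
        $1 == "ip" || ($1 ~ "/ip$" && $1 != "/bin/ip") {
            printf "line %d: call ip with its full path /bin/ip\n", NR
        }
        $1 ~ "(^|/)(ifconfig|route|vconfig)$" {
            printf "line %d: %s should not be used, use /bin/ip\n", NR, $1
        }
        $1 == "/bin/ip" && index($0, "link set lo up")               { lo_up = 1 }
        $1 == "/bin/ip" && index($0, "addr add 127.0.0.1/8 dev lo")  { lo_addr = 1 }
        $1 == "/bin/ip" && !v6 && index($0, "route add default via") { gw4 = 1 }
        END {
            if (!lo_up)   print "loopback is never activated (link set lo up)"
            if (!lo_addr) print "loopback has no address (addr add 127.0.0.1/8 dev lo)"
            if (!gw4)     print "no IPv4 default gateway (route add default via ...)"
        }
    ' "$f"
}

# Return 0 if FILE passes, 1 (after printing the findings) if it does not.
check_expertnet() {
    [ -r "$1" ] || { echo "cannot read $1"; return 1; }
    out=$(expertnet_findings "$1")
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 1
    fi
    return 0
}

# Constructed samples: good.sh follows the steps of this section, bad.sh
# lacks the interpreter line, the execute bit, the loopback and the full path.
write_samples() {
    cat > "$1/good.sh" <<'EOF'
#!/bin/sh
/bin/ip link set lo up
sleep 10s
/bin/ip addr add 127.0.0.1/8 dev lo
/bin/ip link set eth0 up
sleep 10s
/bin/ip addr add 192.168.81.10/24 dev eth0
/bin/ip route add default via 192.168.81.1
/bin/ip route add 192.168.0.0/24 via 192.168.81.5
EOF
    cat > "$1/bad.sh" <<'EOF'
# no interpreter line
ip link set eth0 up
ifconfig eth0 192.168.81.10 netmask 255.255.255.0
/bin/ip -f inet6 route add default via 2001:db8::1
EOF
    chmod 755 "$1/good.sh"
    chmod 644 "$1/bad.sh"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for s in good bad; do
    echo "== $s.sh"
    check_expertnet "$tmp/$s.sh" || echo "-> fix $s.sh before rebooting"
done
rm -rf "$tmp"
```
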
To access the GSM appliance remotely basically four options are available
The timeout value can be set in the GOS-Admin-Menu (Remote/HTTPS Timeout) as well as the command line.
In the CLI use the variable
gsm: get webtimeout
s webtimeout 15
gsm: set webtimeout 1
gsm *: commit
gsm: get webtimeout
s webtimeout 1
The value of the timeout can be between 1 and 1440 minutes (1 day).
SSH access can also be configured in the GOS-Admin-Menu (Remote/SSH) or the CLI.
In the CLI use the variable
It can have the value
disabled Additionally the variable can be deleted:
gsm: get ssh
s ssh enabled
gsm: set ssh disabled
gsm *: commit
gsm: get ssh
s ssh disabled
In the GOS-Admin-Menu there is the additional possibility to display the fingerprint of the public key (host key) of the appliance.
The OpenVAS Management Protocol can be activated via the GOS-Admin-Menu (Remote/OMP) or the CLI.
In the CLI use the variable
gsm: get public_omp
s public_omp disabled
gsm: set public_omp enabled
gsm *: commit
gsm: get public_omp
s public_omp enabled
On the command line system upgrades can be performed and feed synchronization can be configured. Commands and variables are available for these tasks.
systemupgrade executes an upgrade.
The status can be displayed with the command
Please take note of the Upgrade section.
To configure the synchronization feeds several variables are available:
Alternatively the configuration is possible via the GOS-Admin-Menu under Feed.
gsm: get synctime
s synctime 06:25
gsm: set synctime 11:30
syntax error in value
gsm: set synctime 13:30
gsm *: commit
gsm: get synctime
s synctime 13:30
Alternatively the feed can be started from the command line.
Execute the command
feedversion can be used to monitor the current status.
Depending on the network environment, it might be necessary to use a proxy for the feed and software updates. For both the feed and software updates, the proxy is configured with this variable:
It expects a http proxy in the syntax of
gsm: get proxy_feed
u proxy_feed
gsm: set proxy_feed http://220.127.116.11:3128
gsm *: commit
gsm: get proxy_feed
s proxy_feed http://18.104.22.168:3128
Should the proxy require authentication it can be configured via the
This variable expects a username and password separated by a colon:
gsm: get proxy_credentials
u proxy_credentials
gsm: set proxy_credentials user:password
gsm *: commit
gsm: get proxy_credentials
s proxy_credentials user:password
In Windows environments, the credential is expressed as
The Advanced options in the GOS-Admin-Menu provide access to the database management functions and the configuration of additional vulnerability scanners. Additionally you may generate a support package. This package contains all relevant system data to send to the Greenbone support team.
Sometimes the Greenbone support requires additional information to troubleshoot and support customers. The required data is collected by the Support Package option. This option will create an encrypted package including all configuration data of the GSM appliance. The package is encrypted using the GPG public key of the Greenbone support team. The support package is stored on the appliance. You need to contact the Greenbone support team for further instructions on how to provide the package to Greenbone.
The GSM uses the SQlite-Database for the internal storage of NVTs, scan results, configurations, etc. Using Advanced/Database statistics the admin can request database statistics. These statistics are logged and can be viewed using Advanced/Database statistics log.
Additionally the database may be optimized using the two commands VACUUM and ANALYZE. Both commands may take several hours to complete. The ANALYZE command gathers statistics about tables and indices. The collected information is stored in internal tables where the query optimizer can use it to make better query planning choices. The VACUUM command rebuilds the whole database. This may speed up very fragmented databases.
The VACUUM command displays the results of the optimization after successful termination:
Sep 28 14:56:22 gsm md main: Optimized: vacuum. Database file size reduced by 85 MiB (55.9%)
The Advanced/Scanner Management option currently (3.1.19) supports the listing of the currently supported vulnerability scanners. Future versions will support the configuration of the following vulnerability scanners:
Different tools for monitoring and debugging of the GSM appliance are available. The GSM-CLI offers access to some UNIX commands and files that can be useful when debugging.
If the GSM is not reachable or cannot be reached by all client systems the network configuration must be checked. This is also the case should the GSM not be able to reach all of the target systems when performing a scan. Options of the GOS-Admin-Menu as well as some command line tools can be used to troubleshoot.
The following commands display the current network configuration:
This CLI specific command displays the current network configuration. Internally it uses the UNIX command ip addr show. By adding a specific network adapter the output can be limited:
gsm: getip dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:98:36:5f brd ff:ff:ff:ff:ff:ff
    inet 192.168.155.108/24 brd 192.168.155.255 scope global eth0
    inet6 fe80::dead:beef/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe98:365f/64 scope link
       valid_lft forever preferred_lft forever
This client specific command displays the current IPv4 routing table:
gsm: getroute
192.168.155.0/24 dev eth0 proto kernel scope link src 192.168.155.108
default via 192.168.155.1 dev eth0
This command displays the configured NTP servers and their communication status:
gsm: ntpq
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+ptbtime1.ptb.de .PTB.            1 u  602 1024  377   14.477   -0.319   9.907
*ptbtime2.ptb.de .PTB.            1 u   44 1024  177   13.580    0.143   0.150
 LOCAL(0)        .LOCL.          10 l  11d   64    0    0.000    0.000   0.000
The line with the asterisk (*) is the current preferred NTP server. The line with the plus (+) is the NTP backup server.
ip is also available in the CLI for the readable network properties.
Different information can be displayed.
To display a list of network adapters use the command ip link show. This command displays the network adapters and MAC addresses:
gsm: ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 52:54:00:98:36:5f brd ff:ff:ff:ff:ff:ff
To display the list of IP addresses use the command ip address show.
The output reflects the command
gsm: ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:98:36:5f brd ff:ff:ff:ff:ff:ff
    inet 192.168.155.180/24 brd 192.168.155.255 scope global eth0
    inet6 fe80::5054:ff:fe98:365f/64 scope link
       valid_lft forever preferred_lft forever
To display the routing table use the command ip route show.
The output reflects the command
To display the IPv6 routes enter ip -6 route show.
gsm: ip -6 route show
2001:4dd0:ff00:d58::1 dev eth0 metric 0
    cache
2001:4dd0:ff00:d58::/64 dev eth0 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
default via 2001:4dd0:ff00:d58::1 dev eth0 metric 1024
The ARP cache contains the MAC addresses of the systems the GSM communicated with directly in the LAN recently.
The information can be useful when debugging if a system that is in the same LAN as the GSM is not reachable.
The neighbor cache does the same for IPv6 addresses the ARP cache does for IPv4 addresses.
On the GSM they are not differentiated and are displayed using the same command.
-6 the output can be limited:
gsm: ip neigh show
fe80::216:47ff:fe7d:11c3 dev eth0 lladdr 00:16:47:7d:11:c3 router STALE
192.168.222.1 dev eth0 lladdr 00:16:47:7d:11:c3 REACHABLE
With the command ip the changes in the routing table, the ARP cache and neighbor cache and the network adapters can be monitored.
Use the command ip monitor all.
Alternatively only individual sub systems (link, address, route, mroute, neigh., netconf) can be monitored.
To cancel monitoring press
gsm: ip monitor all
[ROUTE]ff02::1 dev eth0 metric 0
    cache
[ROUTE]2a01:198:5a1:201:d6ae:52ff:fe96:fe9b via 2001:4dd0:ff00:d58::1 dev eth0 metric 0
    cache
[ROUTE]2001:4dd0:ff00:d58::1 dev eth0 metric 0
    cache
[ROUTE]Deleted 2a01:198:5a1:201:d6ae:52ff:fe96:fe9b via 2001:4dd0:ff00:d58::1 dev eth0 metric 0
    cache
[ROUTE]2a01:198:5a1:255:5054:ff:fec3:7266 via 2001:4dd0:ff00:d58::1 dev eth0 metric 0
    cache
[LINK]4: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP>
    link/ether
To check the link status of a network adapter the GSM offers the command
This command expects additionally the name of the network adapter and can then display the current configuration and status.
Interesting for debugging are the negotiated mode and speed and the current link status.
gsm: ethtool eth0
Settings for eth0:
        Supported ports: [ TP MII ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
        Supported pause frame use: No
        Supports auto-negotiation: Yes
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
        Advertised pause frame use: Symmetric
        Advertised auto-negotiation: Yes
        Link partner advertised link modes:  10baseT/Half 10baseT/Full
                                             100baseT/Half 100baseT/Full
        Link partner advertised pause frame use: Symmetric
        Link partner advertised auto-negotiation: No
        Speed: 100Mb/s
        Duplex: Full
        Port: MII
        PHYAD: 32
        Transceiver: internal
        Auto-negotiation: on
        Supports Wake-on: pumbg
        Wake-on: d
        Current message level: 0x00000007 (7)
                               drv probe link
        Link detected: yes
The 802.1q protocol with a 12bit VID field supports up to 4096 VLANs. Individual VLAN IDs are reserved however.
Today the IEEE 802.1q protocol is the most common VLAN protocol. It has replaced proprietary protocols of individual manufacturers (such as Cisco’s ISL).
Multiple VLANs are marked with tags in a single connection transfer (single interconnect).